Posted in: Data Security/Privacy

Dec 1, 2016

7 Ways to Help Your Organization Prevent Costly Data Breaches

By Amy Marcen-Gaudaur and Aaron Baer

Businesses spend an estimated $84 billion each year defending their data against cyberattacks. However, a recent report by Accenture (the "Report") highlights the stark disconnect between these costly protection measures and their efficacy. The Report is based on the results of a survey conducted by Accenture of 2,000 executives from 12 industries and 15 countries across North America, South America, Europe and the Asia-Pacific region.

According to the Report, the failure rate of data breach prevention is "alarmingly high." Approximately one-third of targeted data breach attempts against corporations are successful, yet three-quarters of executives have not lost confidence in their cybersecurity strategies.

The "alarmingly high" failure rate is further exacerbated by the "sheer volume" of cyberattacks being conducted. On average, organizations are subject to more than a hundred targeted breach attempts each year, in addition to the thousands (and sometimes millions) of random breach attempts prevented each week. This means that these organizations can expect, on average, two to three successful attacks per month.

Accenture estimates that data theft currently costs organizations an aggregate of $2 trillion per year and that this number could potentially reach as high as $90 trillion by 2030 if trends continue. As we recently reported on The Spotlight, the average cost of a data breach for a Canadian company exceeds $6 million.

Why Do Typical Strategies Fail?

While a majority of those surveyed for the Report admitted that it typically takes "months" to detect successful attacks, 17% confessed that such identification often takes a year or longer. This lag not only prevents organizations from properly responding to specific breaches, but also makes building an effective cybersecurity strategy nearly impossible. By the time a breach is identified, the data is already gone. By the time the vulnerability is identified, another thief has deployed a different strategy.

Further compounding the issue is the presence of both internal and external threats. Different protective strategies are required to deal with internal and external data theft, and the Report shows that most organizations have a difficult time prioritizing resources to properly protect against both.

Facing Reality - Data Breach Prevention Strategies

In the face of these gloomy statistics, those charged with a corporate cybersecurity mandate may be wondering how to survive in this increasingly risky landscape. The Report suggests the following:

  1. Define cybersecurity success
  2. Pressure-test security capabilities the way adversaries do
  3. Protect from the inside out
  4. Invest to innovate and outmaneuver
  5. Make security everyone's job
  6. Lead from the top
  7. Build on past lessons

In order to implement these strategies, it is critical that businesses provide the necessary training to employees at all levels of the company. Law firms with expertise in privacy and data breach prevention provide a vital service in this regard.

Third-party service providers are often the weakest entry point for data breaches. Well-drafted contracts with these providers contain, amongst other things: (i) representations and warranties from the service provider that its cybersecurity meets the desired standards; (ii) covenants that the service provider will notify the business immediately upon discovering a potential breach; (iii) audit rights; and (iv) indemnification provisions that protect the business from bearing the economic burden of a data breach.

Organizations need to recognize the true scale of the cyberattacks they face, adapt to the changing landscape, and incorporate these best practices to protect their bottom line from the costs of data breaches.
